Lucene search
HistoryMay 30, 2014 - 2:55 p.m.
CVE-2014-0202
cve-2014-0202
ovirt-engine-dwh
red hat enterprise virtualization manager data warehouse
rhevm-dwh package
sensitive information disclosure
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The setup script in ovirt-engine-dwh, as used in the Red Hat Enterprise Virtualization Manager data warehouse (rhevm-dwh) package before 3.3.3, stores the history database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file.
Affected configurations
Node
redhatrhevm-dwhRange≤3.3.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:rhevm-dwh | redhat rhevm-dwh | le | 3.3.2 |
Related
redhat
redhat
(RHSA-2014:0559) Low: rhevm-dwh 3.3.3 security and bug fix update
2014-05-27 00:00:00
nessus
nessus
RHEL 6 : rhevm-dwh 3.3.3 (RHSA-2014:0559)
2014-11-08 00:00:00
prion
prion
Design/Logic Flaw
2014-05-30 14:55:00
nvd
nvd
CVE-2014-0202
2014-05-30 14:55:08
cvelist
cvelist
CVE-2014-0202
2014-05-30 14:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2014-0202